⚡ Weekly Update: Drift Breach Unveiled, Active Zero-Days, Patch Alerts, Evolving Threats & More

 
Sep 08, 2025
Cybersecurity / Hacking News

Cybersecurity constantly evolves, with each week bringing fresh threats, vulnerabilities, and crucial lessons for defenders. For security and IT teams, the challenge lies in discerning which risks demand immediate attention. This digest aims to provide a straightforward briefing to help prioritize what matters most.

This week, the notable story is the Salesloft–Drift breach, where attackers compromised OAuth tokens, gaining access to Salesforce data from major tech companies. This incident underscores how fragile integrations can become critical vulnerabilities in enterprise defenses.

Additionally, we’ll discuss several high-risk CVEs currently under active exploitation, the latest strategies of advanced threat actors, and new insights on streamlining security workflows for greater efficiency. Each section delivers essential information, ensuring you stay informed and prepared without being overwhelmed.

Threat of the Week
Salesloft to Take Drift of…

Weekly Cybersecurity Update: Major Data Breach at Salesloft Linked to Drift, Ongoing Threats, and Rising Cyber Intelligence

September 08, 2025
Cybersecurity / Hacking News

The landscape of cybersecurity remains in constant flux, with each week bringing fresh challenges, vulnerabilities, and essential takeaways for security professionals. For IT departments, navigating these developments requires not only vigilance but a keen sense of prioritization in identifying which threats require immediate attention. This digest serves to provide a succinct outline, ensuring you remain informed and focused on critical issues.

This week’s spotlight is on a significant breach involving Salesloft, where adversaries successfully pilfered OAuth tokens, leading to unauthorized access to Salesforce data from numerous prominent technology companies. This incident underscores the precarious nature of integrations and how even minor vulnerabilities can destabilize an organization’s security posture.

Examining the specifics, the target, Salesloft, has been a crucial player in the sales automation industry, servicing a broad spectrum of high-profile clients. The breach illustrates an evolving threat landscape, where traditional defenses may falter against sophisticated cyberattack strategies. The incident occurred primarily within the United States, emphasizing the local implications of such cyber incursions and the urgent need for proactive security measures among businesses.

In analyzing the tactics likely employed during this attack, the MITRE ATT&CK framework offers valuable insights. The initial access to the network may have been facilitated through credential dumping or exploitation of misconfigured authentication, allowing the attackers to infiltrate deeply and maintain persistence. Once inside, privilege escalation tactics could have been utilized to gain heightened access to sensitive data hosted on Salesforce.

In addition to the Salesloft breach, several other high-risk Common Vulnerabilities and Exposures (CVEs) are currently under active exploitation. These vulnerabilities highlight the need for ongoing vigilance as new exploits are routinely being discovered and leveraged by advanced threat actors. Staying abreast of these developments is essential for businesses seeking to fortify their defenses.

Furthermore, this week brings fresh insights into enhancing security workflows. Adopting smarter approaches to threat intelligence can help mitigate noise from alerts, allowing security teams to prioritize genuine threats more effectively. By leveraging automation and advanced analytics, organizations can streamline their processes and respond more rapidly to potential incidents.

As we continue to navigate an increasingly complex cybersecurity environment, it is crucial for business leaders to remain informed about these developments. The recent Salesloft–Drift breach serves as a stark reminder of the vulnerabilities associated with third-party integrations and the necessity for robust security measures. With adversaries continually evolving their tactics and techniques, proactive defense strategies must be a top priority for all organizations.

Source link

Related Posts

Compromise of GitHub Account Triggers Salesloft Drift Breach Affecting 22 Companies

Sep 08, 2025
Supply Chain Attack / API Security

Salesloft has announced that the breach associated with its Drift application originated from a compromised GitHub account. An investigation by Google-owned Mandiant revealed that the threat actor, identified as UNC6395, accessed the Salesloft GitHub account over a span of three months, from March to June 2025. The method of access to the GitHub account remains unknown. Currently, 22 companies have reported being impacted by this supply chain breach. According to Salesloft’s advisory, the attackers leveraged this access to download content from various repositories, add a guest user, and establish workflows. The investigation also revealed that reconnaissance activities were taking place within the Salesloft and Drift application environments during the same time frame. However, it noted that there is no indication of any actions beyond these limited reconnaissance efforts. In the subsequent phase, the attackers gained access to Drift’s Amazon Web Services (AWS)…

How Top CISOs Secure Budget Approval

As budget season approaches, security often faces scrutiny and can become a lower priority. If you’re a CISO or security leader, you probably find yourself justifying the need for your programs, tools, or additional team members, emphasizing that the next security breach is just one oversight away. However, these arguments can falter unless articulated in a way that resonates with the board. According to Gartner, 88% of boards view cybersecurity as a business risk rather than just an IT concern, yet many security leaders still face challenges in elevating the importance of cybersecurity within their organizations. To make security issues resonate with the board, it’s crucial to communicate in terms of business continuity, compliance, and financial implications. Here are a few strategies to help you reframe the conversation, simplifying the technical complexities into clear business objectives.

Acknowledge the Serious Risks

Cyber threats are continually evolving, ranging from ransomware to supply chain attacks, and…

[Webinar] The Rapid Rise of Shadow AI Agents: Strategies for Detection and Control

Join us on September 9, 2025
Artificial Intelligence / Threat Detection

⚠️ Just a single click can trigger a chain reaction. An engineer launches an “experimental” AI agent for a workflow test. A business team connects to streamline reporting. A cloud provider quietly activates a new agent behind the scenes. Individually, these actions may seem innocuous, but collectively they create an unseen network of Shadow AI Agents—operating beyond the reach of security measures and linked to unknown identities.

The harsh reality is that each of these agents poses significant risks:

  • Impersonation of legitimate users
  • Unauthorized non-human identities with access rights
  • Data breaches across supposedly secure boundaries

This is not a distant concern; it’s an urgent issue impacting enterprises globally, and they’re proliferating faster than governance can address. Don’t miss our upcoming discussion: Shadow AI Agents Uncovered. Secure your spot today—[Register Here].

Explore Why Shadow AI is Growing Rapidly
From identity providers to PaaS platforms, it’s alarmingly easy to create…

SAP Releases Critical Patches for NetWeaver (CVSS Scores Up to 10.0) and High-Risk S/4HANA Vulnerabilities

Date: September 10, 2025
Category: Software Security / Vulnerability

On Tuesday, SAP issued security updates to rectify numerous vulnerabilities, including three critical flaws in SAP NetWeaver that could lead to remote code execution and unauthorized file uploads. Details of the vulnerabilities are as follows:

  • CVE-2025-42944 (CVSS Score: 10.0) – A deserialization vulnerability in SAP NetWeaver that allows unauthenticated attackers to submit malicious payloads via the RMI-P4 module, potentially executing operating system commands.
  • CVE-2025-42922 (CVSS Score: 9.9) – An insecure file operations vulnerability in SAP NetWeaver AS Java enabling authenticated non-administrative users to upload arbitrary files.
  • CVE-2025-42958 (CVSS Score: 9.1) – A missing authentication check in the SAP NetWeaver application on IBM i-series, which could let unauthorized highly privileged users read, modify, or delete sensitive information, and access administrative functionalities.